36 matches found
EUVD-2024-50973
Malicious code in bioql PyPI...
EUVD-2023-57399
Malicious code in bioql PyPI...
EUVD-2024-2433
Malicious code in bioql PyPI...
CVE-2024-12582
A flaw was found in the skupper console, a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybrid multi-cloud environment. When the default authentication method is used, a random password is generated for the...
CVE-2024-12582
A flaw was found in the skupper console, a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybrid multi-cloud environment. When the default authentication method is used, a random password is generated for the...
CVE-2024-12582 Skupper: skupper-cli: flawed authentication method may lead to arbitrary file read or denial of service
A flaw was found in the skupper console, a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybrid multi-cloud environment. When the default authentication method is used, a random password is generated for the...
CVE-2024-12582
CVE-2024-12582 affects the Skupper/Red Hat Service Interconnect console. A flaw in the default authentication method persists a random admin password in plaintext in a Kubernetes secret or podman volume, enabling an attacker to read user files inside the container and potentially trigger resource...
SUSE CVE-2024-12582
A flaw was found in the skupper console, a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybrid multi-cloud environment. When the default authentication method is used, a random password is generated for the...
PT-2024-9926 · Unknown · Skupper Console
Name of the Vulnerable Software and Affected Versions: Skupper console affected versions not specified Description: A flaw was found in the Skupper console, a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybr...
Red Hat Service Interconnect 安全漏洞
Red Hat Service Interconnect, a Red Hat company, is based on the open source project Skupper and is designed to simplify application connectivity across hybrid cloud environments. A security vulnerability exists in Red Hat Service Interconnect that stems from the use of a flawed authentication...
RHSA-2023:6165 Red Hat Security Advisory: skupper-cli and skupper-router security update
Bulletin has no description...
Moderate: Red Hat Security Advisory: Red Hat Service Interconnect security update
An update is now available for Service Interconnect 1 for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Moderate: Red Hat Security Advisory: Red Hat Service Interconnect security update
An update is now available for Service Interconnect 1.4 LTS for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
GO-2024-2987 Skupper uses a static cookie secret for the openshift oauth-proxy in github.com/skupperproject/skupper
Skupper uses a static cookie secret for the openshift oauth-proxy in github.com/skupperproject/skupper...
Authentication Bypass
Skupper is vulnerable to Authentication Bypass. The vulnerability is due to configuring the OpenShift oauth-proxy with a static cookie-secret, which allows an attacker to bypass authentication via a specially-crafted cookie when console-auth is set to OpenShift...
GHSA-W799-V85J-88PG Skupper uses a static cookie secret for the openshift oauth-proxy
A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a...
Skupper uses a static cookie secret for the openshift oauth-proxy
A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a...
CVE-2024-6535
A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a...
CVE-2024-6535
A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a...
CVE-2024-6535
A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a...